Ever since growing up, I've watched films in which the "bad guy" is repeatedly tracked down when they call the police or FBI or police force du jour. They always have "about 30 seconds". Regardless of whether those specific realisations are accurate or not, I've never understood what is going on technically when a phone is traced.

This question has three related parts:

1) What are the technical aspects to tracing a phone call; is it more difficult for mobile phones? Is it more difficult if the phone is on, but not actively being used to call?

2) Why are the tools necessary to trace phone calls not available to the general public? We have traceroute to find routing information for IPs -- why not phones? Is it a question of specialized equipment, access to telecomm systems, etc. or more social?

5 Answers

What are the technical aspects to tracing a phone call; is it more difficult for mobile phones?

In the old days, signaling was inline, hence the 2600 Hz hack. Calls were set up as one switch talked to another, then another, and so on until a circuit was established end-to-end. In the modern age, everything is out-of-band over SS7 and every switch is lined up at the same time. The calling station is identified at the start and no tracing is really necessary.

Mobile phones do take more effort because a mobile number isn't attached to a given switch. Thus, while the far end knows what the number is, where it is involves extra technology. The cellular phone company can identify what towers the phone is associated with and thus instantly know the region it is in. Further narrowing can be done based on signal strength comparisons, which of the tower's directional antennas are holding the signal, and GPS chips in phones.

Is it more difficult if the phone is on, but not actively being used to call?

Only a custom phone would act in a way where it didn't respond to the tower asking a question, so generally no.

Why are the tools necessary to trace phone calls not available to the general public? We have traceroute to find routing information for IPs -- why not phones? Is it a question of specialized equipment, access to telecomm systems, etc. or more social?

Social legacy and equipment access. The Internet doesn't have a separate signaling band and is based on the idea of independent operators controlling where their traffic goes. The phone company is based on the legacy of one company running the show. Switch access in the phone world is internal only to the phone company or whoever they want to specifically include. The Internet, on the other hand, doesn't really have a way of considering nodes special since everything is in the same band.

How does one prevent a (mobile) phone from being traced?

Nothing will save you from being traced down to the tower you're using, but you can really screw around with the triangulation metrics by using a directional antenna and some weak false associations or intermediary transmission layer such as a radio that links you to your phone. In that case, finding your phone would leave the person chasing you still lacking a physical connection and having to trace something else. Done right, you can turn the default, "Within 100 feet," into, "Somewhere in this 20 square mile cone." That is a big time, knowledge, and equipment cost commitment, though.

You may also find some success in delaying tracing by using intermediate PBX systems to mask the actual caller. If you have dial-in access to a company's PBX, the trace will stop there and somebody will have to look at logs of associated calls into the system to try and correlate the responsible line. Nest a few of those and you may buy some time. You'll probably still eventually be traced no matter how short the call was, but it will no longer be instant.

@symcbean True, modern cellular systems require precise clocks and signal strength knowledge. There's still some "art" to coordinating that, though as far as making use of the information to a map location. That tech has been evolving. Either way, it's a long cry from the days where a cell phone was basically a VHF radio with a TNC.
– Jeff Ferland♦ Mar 14 '12 at 16:49

In addition to Jeff's and Rory's answers, there are some less conventional ways of tracking someone. Not by tracing his phone, but analyzing his call behavior. I worked on a datamining project where this was tested (it was based on MIT's Reality Mining). We would train the system with patterns gathered from statistics which you could get from a cellphone company (tower IDs, call durations, caller IDs, ...).

After that we ran test algorithms to see if we could, by just looking at the behavior, id a person if he had changed his phone number. We had successes ranging from 85-97 percent with I think about 92 percent average. It's not great but with other info you could easily determine who that person actually is and track him further. Even if he decides to change his phone number on a daily basis.
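
To illustrate why a new number does not hide a subscriber whose habits stay the same, here is a small added example (not the project's code and not from the original answer) that builds a behavioral profile from tower IDs, called parties and call durations and matches it by cosine similarity. All records, labels and the 120-second duration bucket are constructed assumptions.

```python
import math
from collections import Counter

# Constructed call records: (number, tower_id, peer_called, duration_seconds).
HISTORY = [
    ("A-old", "T17", "peer-1", 300), ("A-old", "T17", "peer-2", 60),
    ("A-old", "T22", "peer-2", 45),  ("A-old", "T17", "peer-1", 280),
    ("B-old", "T40", "peer-3", 30),  ("B-old", "T41", "peer-4", 20),
    ("B-old", "T40", "peer-3", 25),  ("B-old", "T22", "peer-2", 50),
]
# Calls seen from a number that has no history yet.
NEW = [
    ("X-new", "T17", "peer-1", 310), ("X-new", "T22", "peer-2", 40),
    ("X-new", "T17", "peer-2", 70),
]


def profile(records, number):
    """Count how often a number uses each tower, peer and duration bucket."""
    feats = Counter()
    for num, tower, peer, duration in records:
        if num != number:
            continue
        feats["tower:" + tower] += 1
        feats["peer:" + peer] += 1
        feats["dur:" + ("long" if duration >= 120 else "short")] += 1
    return feats


def cosine(a, b):
    """Cosine similarity between two sparse count vectors."""
    dot = sum(a[k] * b[k] for k in a.keys() & b.keys())
    norm = (math.sqrt(sum(v * v for v in a.values()))
            * math.sqrt(sum(v * v for v in b.values())))
    return dot / norm if norm else 0.0


def best_match(history, new_records, new_number):
    """Return the known number whose profile is closest, plus all scores."""
    target = profile(new_records, new_number)
    known = sorted({rec[0] for rec in history})
    scores = {n: cosine(profile(history, n), target) for n in known}
    return max(scores, key=scores.get), scores


if __name__ == "__main__":
    match, scores = best_match(HISTORY, NEW, "X-new")
    print(match, {k: round(v, 3) for k, v in scores.items()})
```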

1) For wired phones this is very straightforward - the service provider knows where the call is coming from. It only gets more challenging (like in films) when the connection goes through multiple exchanges (they may need to get the information from the exchange) and especially with exchanges in other countries.

For mobile phones the issue is the same, but additional complexity comes from there being no wires, but instead a set of handover protocols between cells, providers etc. It can still be done, as the service providers need this information for billing purposes anyway, but it is more time consuming.

Mobile phones hand over when on, even if not currently in a call, so location information will be available.

There are also certain tools which will allow some access to phones when they are off, but these seem to be in the realm of espionage.

2) Why should these tools be available to the public? Certainly in the UK this should only be available on an as-needed basis to law enforcement or emergency services.

3) The typical route used by criminals is actually to use throwaway phones and SIM cards, as it is challenging to try and hide location information, especially if a mobile phone's IMEI number is known, or CallerIQ is implemented by the provider.

I don't really understand why the movies continue to show it this way. As far as I am aware, I believe phone companies keep logs of all phone numbers called, and given a subpoena, will release to law enforcement the phone number that called you, regardless of how long the caller stays on the line.

I don't know why these tools are not available to the public. I imagine that this is likely because the phone company's customers would be upset if these tools were widely available, and so the phone company does not make them available. Note that, of course, you can always find out the phone number who is calling you using Caller ID, if the caller has not blocked it. Also, if you operate a toll-free number (a 1-800 number), you can receive the phone number of the caller regardless (even if they have blocked caller ID), via ANI information.

You cannot prevent a mobile phone number from being traced. You can prevent it from being linked to you personally by buying a "burner phone": i.e., buying a cheap pre-paid phone using cash (without providing your identity), using it once or for a limited time, and then discarding it. Note that all calls you place on such a phone can be linked. I would not rely upon this to protect yourself from a dedicated investigation. I do not advocate criminal activity: I mention this only so you can understand how some criminals operate.

3) How does one prevent a (mobile) phone from being traced?
You can get extra time by placing one phone to another.
Phones A and B are on one desk. You have phone C. Then you call from phone C to phone B and from phone A to the target. Phones A and B are at a different address. So, when they track down phone A, they see that you are not there... You may need to modify phones A and B a little bit, but you get the idea. Of course, you could add some TNT to phone B in case of an emergency in which you need to destroy it, and activate the TNT via SMS :)